| |
@@ -7,10 +7,13 @@
|
| |
import pagure.lib.model
|
| |
|
| |
try:
|
| |
- from pagure.lib import _get_project as get_project
|
| |
+ from pagure.lib import _get_project as get_project, add_user_to_project
|
| |
except ImportError:
|
| |
# From pagure 5.2, code has been moved to pagure.lib.query
|
| |
- from pagure.lib.query import _get_project as get_project
|
| |
+ from pagure.lib.query import (
|
| |
+ _get_project as get_project,
|
| |
+ add_user_to_project,
|
| |
+ )
|
| |
|
| |
import tests
|
| |
|
| |
@@ -600,6 +603,91 @@
|
| |
self.expect_info_msg("Unspecified branch push")
|
| |
|
| |
|
| |
+ class DistGitAuthTestsFedoraCommitterAccess(DistGitAuthTests):
|
| |
+ dga_config = {
|
| |
+ "PR_ONLY": False,
|
| |
+ "ACL_BLOCK_UNSPECIFIED": False,
|
| |
+ "BLACKLIST_RES": ["refs/heads/c[0-9]+.*"],
|
| |
+ "UNSPECIFIED_BLACKLIST_RES": ["refs/heads/f[0-9]+"],
|
| |
+ "RCM_GROUP": "relenggroup",
|
| |
+ "RCM_BRANCHES": ["refs/heads/f[0-9]+"],
|
| |
+ "ACL_PROTECTED_NAMESPACES": ["rpms", "modules", "container"],
|
| |
+ "PDC_URL": "invalid://",
|
| |
+ }
|
| |
+
|
| |
+ def setUp(self):
|
| |
+ super(DistGitAuthTestsFedoraCommitterAccess, self).setUp()
|
| |
+
|
| |
+ project = self.create_namespaced_project("rpms", "test")
|
| |
+
|
| |
+ msg = add_user_to_project(
|
| |
+ session=self.session,
|
| |
+ project=project,
|
| |
+ new_user="foo",
|
| |
+ user="pingou",
|
| |
+ access="collaborator",
|
| |
+ branches="epel*",
|
| |
+ )
|
| |
+ self.session.commit()
|
| |
+ self.assertEqual(msg, "User added")
|
| |
+
|
| |
+ @patch("dist_git_auth.requests")
|
| |
+ def test_protected_unspecified_branch_collaborator_invalid_branch(
|
| |
+ self, mock_requests
|
| |
+ ):
|
| |
+ project = get_project(self.session, name="test", namespace="rpms")
|
| |
+ res = Mock()
|
| |
+ res.ok = True
|
| |
+ res.json.return_value = {"results": []}
|
| |
+ mock_requests.get.return_value = res
|
| |
+
|
| |
+ self.assertFalse(
|
| |
+ self.dga.check_acl(
|
| |
+ self.session,
|
| |
+ project=project,
|
| |
+ username="foo",
|
| |
+ refname="refs/heads/mywip",
|
| |
+ pull_request=None,
|
| |
+ repodir=None,
|
| |
+ repotype="main",
|
| |
+ revfrom=None,
|
| |
+ revto=None,
|
| |
+ is_internal=False,
|
| |
+ )
|
| |
+ )
|
| |
+
|
| |
+ self.expect_info_msg("Committer: False")
|
| |
+ self.expect_info_msg("Fall-through deny")
|
| |
+
|
| |
+ @patch("dist_git_auth.requests")
|
| |
+ def test_protected_unspecified_branch_collaborator_valid_branch(
|
| |
+ self, mock_requests
|
| |
+ ):
|
| |
+ project = get_project(self.session, name="test", namespace="rpms")
|
| |
+ res = Mock()
|
| |
+ res.ok = True
|
| |
+ res.json.return_value = {"results": []}
|
| |
+ mock_requests.get.return_value = res
|
| |
+
|
| |
+ self.assertTrue(
|
| |
+ self.dga.check_acl(
|
| |
+ self.session,
|
| |
+ project=project,
|
| |
+ username="foo",
|
| |
+ refname="refs/heads/epel8",
|
| |
+ pull_request=None,
|
| |
+ repodir=None,
|
| |
+ repotype="main",
|
| |
+ revfrom=None,
|
| |
+ revto=None,
|
| |
+ is_internal=False,
|
| |
+ )
|
| |
+ )
|
| |
+
|
| |
+ self.expect_info_msg("Committer: True")
|
| |
+ self.expect_info_msg("Committer push")
|
| |
+
|
| |
+
|
| |
class DistGitAuthTestsCentOS(DistGitAuthTests):
|
| |
dga_config = {
|
| |
"PR_ONLY": False,
|
| |
Shouldn't the debugging messages here and above reflect the true meaning? E.g. "May commit:" above and "Push by committer/collaborator"? Not sure how important clarity is for debugging output like this.